8 Replies Latest reply on Aug 20, 2009 11:32 AM by Luis Esquivel

    Authentication Error

    Luis Esquivel Newbie

      Hello,

      I am getting the following exception:

      ERROR [JBossWebRealm] Error during authenticate
      java.lang.IllegalStateException: Security Context has not been set
      at java.security.AccessController.doPrivileged(Native Method) ....

      I don't think I should post the entire exception here but if needed I will.

      Can somebody give me a hint as to what possible configuration issue I might be having with this? I don't know where to set the Security Context or how to set it.

      Thanks for your help.

        • 1. Re: Authentication Error
          Wolfgang Knauf Master

          Hi,

          I think you should post the entire exception here ;-), and also: when does the error happen (on deploy, on login)? Please post snippets of the security config.

          Doing a bit of google with your error message, I found this: http://www.jboss.org/index.html?module=bb&op=viewtopic&t=151883 Maybe the

          Best regards

          Wolfgang

          • 2. Re: Authentication Error
            Luis Esquivel Newbie

            Hello Wolfgang,

            Thank you for your reponse! The error happens during login.
            Below I have my login-config.xml and the entire exception.

            Thanks!!

            login-config.xml:
            <application-policy name="XYZ-login-module">

            <login-module code="org.XYZ.security.auth.XYZLoginModule" flag="required">
            <module-option name = "mode">USER</module-option>
            </login-module>

            </application-policy>

            Exception:
            08:10:05,523 ERROR [JBossWebRealm] Error during authenticate
            java.lang.IllegalStateException: Security Context has not been set
            at org.jboss.web.tomcat.security.SecurityAssociationActions$SetPrincipal
            InfoAction.run(SecurityAssociationActions.java:70)
            at java.security.AccessController.doPrivileged(Native Method)
            at org.jboss.web.tomcat.security.SecurityAssociationActions.setPrincipal
            Info(SecurityAssociationActions.java:270)
            at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebReal
            m.java:388)
            at org.apache.catalina.authenticator.FormAuthenticator.authenticate(Form
            Authenticator.java:258)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
            torBase.java:417)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
            e.java:92)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
            ss(SecurityContextEstablishmentValve.java:126)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
            e(SecurityContextEstablishmentValve.java:70)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
            ava:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
            ava:102)
            at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
            onnectionValve.java:158)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
            ve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
            a:330)
            at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)
            at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpPro
            tocol.java:384)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
            7)
            at java.lang.Thread.run(Thread.java:619)

            • 3. Re: Authentication Error
              Wolfgang Knauf Master

              Hi,

              which JBoss version?

              I assume that you use a custom login module? If yes: please post it, too.

              In general, you should provide is with much more details about your app.

              Also, in the "Post reply" window, you should wrap all config and code snippets in "Code"-Blocks (see toolbar button), because this increases readability.

              Best regards

              Wolfgang

              • 4. Re: Authentication Error
                Luis Esquivel Newbie

                Hello Wolfgang and thanks for your reply!

                Ok, here is more information thanks for your patience.

                I am using JBoss 5.1.0GA - JDK6.
                I am also usuing a custom login config. Below is the configuration:

                 <application-policy name="MYCOMPANY-login-module">
                 <authentication>
                 <login-module code="org.MYCOMPANY.security.auth.MYCOMPANYLoginModule" flag="required">
                 <module-option name = "mode">USER</module-option>
                
                 </login-module>
                
                 </authentication>
                </application-policy>
                
                


                Part of the Login Module Code:
                
                public boolean login() throws LoginException
                 {
                 Session ses = null;
                 try
                 {
                 valid = false;
                 int code;
                 NameCallback n = new NameCallback("User Name - ", "Guest");
                 PasswordCallback p = new PasswordCallback("Password - ", false);
                
                 callbackHandler.handle(new Callback[]{n, p});
                 userName = n.getName().trim();
                 password = new String(p.getPassword()).trim();
                 code = General.getLoginID(userName, password); //validate login with username code >0 successfully authenticated
                 if (code > 0) //if valid login ID was found for user name and password
                 {
                 ses = HibernateFactory.getInstance().getSession();
                 Login login = (Login)ses.load(Login.class, Integer.toString(code));
                 namePrincipal = new MYCOMPANYPrincipal(login);
                 valid = true;
                 }
                 else if (isValidUserName(userName) && Employers.isValidTemporaryPassword(userName, password)) //if user name and password are valid
                 {
                 NewEmployeePrincipal nep = new NewEmployeePrincipal(userName);
                 Login login = new Login();
                 login.getAssociations().add(nep);
                 login.setCurrentAssociation(nep);
                 login.setName(userName);
                 namePrincipal = new MYCOMPANYPrincipal(login);
                 valid = true;
                 }
                 if (!valid)
                 {
                 logger.info("NOT A VALID login() - Invalid Username/Password combination - MYCOMPANYLoginModule.login()");
                
                 }
                 return valid;
                 }
                 catch(Throwable t)
                 {
                 t.printStackTrace();
                 logger.error("Exception - MYCOMPANYLoginModule: " , t);
                 SessionLog.exception(this.getClass().getName() + ".login() exception: ", t);
                 throw new LoginException(this.getClass().getName() + ".login() exception: " + t);
                 }
                 finally
                 {
                 if (ses != null)
                 {
                 try
                 {
                 ses.close();
                 }
                 catch(Exception e)
                 {
                 SessionLog.exception(this.getClass().getName() + ".login() exception: ", e);
                 }
                 }
                 }
                 }
                
                


                Everything returns as I expect on the login code. I still have more work on my part to integrate another login module that deals with roles for our authentication but what throws me off is that exception message that the security context has not been set.

                I hope this is the information you need to help. Please let me know if there is anything else I can look at or post here.

                Thanks again!


                • 5. Re: Authentication Error
                  Wolfgang Knauf Master

                  Hi,

                  what is the base class of your login module? You might take a look at JBoss classes which are also derived from this one, maybe they provide you with some hint.

                  I fear that we are leaving the field of my knowledge, but I try to give you further help.

                  Wolfgang

                  • 6. Re: Authentication Error
                    Luis Esquivel Newbie

                    My login module class implements javax.security.auth.spi.LoginModule.

                    Do you think the problem is code and not a configuration issue?

                    Thanks

                    • 7. Re: Authentication Error
                      Wolfgang Knauf Master

                      I would advice you to subclass

                      org.jboss.security.auth.spi.AbstractServerLoginModule
                      or one of its subclasses. This way, JBoss specific code might already be present. You could also compare your code to their implementation.

                      But I don't know whether this helps.

                      Wolfgang

                      • 8. Re: Authentication Error
                        Luis Esquivel Newbie

                        Hello Wolfgang,

                        Thank you for your response. I will try what you mention. I will post an answer if I figure it out.

                        Thanks again.

                        Luis